chevron-down Created with Sketch Beta.

The Business Lawyer

Summer 2023 | Volume 78, Issue 3

Corporate Compliance’s Achilles Heel

Miriam Baer

Corporate Compliance’s Achilles Heel Berg

Jump to:


In the two decades that have elapsed since the enactment of Sarbanes-Oxley, corporate compliance has solidified into an essential, universally respected corporate governance function. And yet, its future may be compromised by a development that compliance scholars have yet to address, namely the political polarization of our society. As the workplace becomes more politically polarized, and government enforcement institutions become or appear more politicized, compliance programs will again encounter difficulties in ensuring adequate flows of information and prompt detection and redress of wrongdoing. With Sarbanes-Oxley in its rearview mirror, this article aims to contextualize this problem and explore several of its concrete manifestations.


To an outer-space visitor who first touched down on Earth in 2002 and returned two decades later, the story of corporate compliance’s evolution in the intervening two decades is largely one of success. “Compliance” is an essential, prominent function of any publicly held company. It writes and oversees the company’s code of conduct. It spearheads the company’s internal monitoring and policing efforts. It coordinates risk-management activities and keeps the company’s board abreast of emerging legal and operational issues. It is a billion-dollar industry, due in part to its use of sophisticated technologies, measurement, and training materials. It promises a lucrative career pathway for lawyers and mid-level employees. It is embedded in the federal government’s principles for deciding whether and how to charge a corporation with a crime, as well as the sentencing guidelines that shape the federal punishments that courts impose on convicted organizations. And most recently, it has become the focal point of a string of Delaware judicial opinions that have reaffirmed the corporate director’s fiduciary duty to ensure the compliance program is more than a sham. In sum, compliance has matured into a complex and well-respected function that supports diverse monitoring and governance goals. Everyone is in favor of it and few could imagine a world without it.

But our outer-space visitor might be surprised to hear from academics and critics that, despite all its bells and whistles, compliance’s achievements are not as solid as they appear. Less than a decade after Congress enacted the 2002 Sarbanes-Oxley Act, a severely underregulated mortgage securities industry triggered a crisis that nearly ground the American banking system to a halt and saddled the American worker with a long-lasting recession. Notwithstanding the dearth of criminal prosecutions that followed this crisis, many attributed it to different degrees of recklessness and wrongdoing within the financial sector. Compliance, many argued, failed to do its job.

The fear that compliance is more superficial than real has surfaced periodically since the Financial Crisis, in the wake of scandals pertaining to everything from sexual assault to the private sector’s handling of successive car and airplane accidents. For all the money companies spend on compliance, they still seem to be remarkably adept at encouraging, acquiescing in, and forestalling the discovery of non-compliant behavior.

When corporate wrongdoing becomes or is perceived as pervasive, it places the compliance function in a precarious position. If an activity as expensive as compliance repeatedly fails to live up to its promise, its future is far from guaranteed. Until now, these shortcomings have been viewed primarily through a structural lens, one that seeks to secure better outcomes by experimenting with different legal and regulatory levers. This structural approach, even as it criticizes corporate behavior, often portrays the compliance mission in an idealistic and fairly positive light. Its literature generates relatively optimistic narratives of what compliance can achieve if properly assembled and reformed. It assumes that if organizations and institutions pay better attention to “choice architecture” and incentives, and to cultural dynamics and soft norms, the compliance function itself will eventually right itself and the specter of wrongdoing will abate.

My aim here is to demonstrate why this mode of inquiry is incomplete and increasingly anachronistic. A literature that has so adeptly explored incentives, heuristics, and blind spots has devoted comparatively less attention to emerging issues of political partisanship and politicization. Academic discussions of compliance have yet to contemplate the importance of highly contested presidential and congressional party elections, the alarming increase of electorate polarization and segregation, and the impact of society’s waning support for government institutions. Polarization and politicization, long the preoccupation of political scientists and social psychologists, have yet to infiltrate the compliance scholar’s lexicon. This article seeks to initiate this conversation. If we have learned anything in the past decade, it is that political partisanship not only impacts government and quasi-government institutions, but it also impacts how the public perceives them and how much legitimacy they enjoy. Moreover, insofar as corporate political advocacy in on the rise, our political debates clearly affect how corporate officers and employees conceptualize their jobs. It therefore stands to reason that politics and politicization profoundly affect the implementation and success of corporate compliance. Indeed, in the years to come, political partisanship may become compliance’s most pressing challenge, and perhaps its Achilles heel if we choose to ignore it. Accordingly, as we look back on the past two decades and examine Sarbanes-Oxley’s legacy, perhaps the most fruitful thing we can do is address polarization’s implications for the very industry that Sarbanes-Oxley helped initiate and develop. The social and political atmosphere that accompanied 2002’s Sarbanes-Oxley Act is dramatically different from the one we encounter today, and that distinction foretells profound challenges for corporate compliance officers, especially those who operate according to norms and assumptions inherited from previous generations.

The remainder of this article unfolds as follows: Part I briefly places Sarbanes-Oxley in context as one of the major pieces of federal legislation that cemented compliance’s importance as a corporate governance function. Part II recounts, for the uninitiated, several of compliance’s perennial challenges, from its relationship to the company’s board to its interaction with the company’s employees and government enforcement agencies. Because these questions are structural, they are reassuringly abstract and universal. They are “firm-level” questions that exist wholly apart from politics or political party. Moreover, within the compliance literature, they are often portrayed as problems that can be solved.

Part III introduces the topic of polarization. Political developments over the past two decades pose disparate obstacles for corporate compliance departments. Polarization and politicization collectively distort the tools compliance officers have come to rely on to secure adherence to legal norms. Moreover, they do so unevenly. Some industries are apt to feel polarization’s effects more acutely than others. The political lens thus scrambles an enforcement agency’s predictive abilities in deciding which industries are most apt to experience bouts of noncompliance. It further weakens the compliance officer’s ability to spread pro-social norms and encourage essential crime-fighting behaviors such as whistleblowing.

Part III wraps up by revisiting three trends that look decidedly different when viewed through the political lens. The first pertains to automation. Regardless of how much machine-learning a compliance officer would prefer in the abstract, “politics” all but ensures that companies will lean more heavily on machines in both the near and short term. The second is the work-from-home movement. One can imagine numerous reasons a compliance officer might prefer in-person interactions to a purely remote workplace. Nevertheless, regardless of its positive and negative features, a remote or hybrid workplace offers distinct benefits in a polarized world. To coworkers who are politically antagonistic, work-from-home is the mechanism that enables individuals from different locations and demographic groups to engage productively with each other.

The third trend concerns our evolving enforcement environment. Twenty years ago, many would have identified the Department of Justice as the institution with the greatest influence over corporate compliance, mirroring Sarbanes-Oxley’s national, universalized approach to corporate governance and compliance. Today, that national approach is quickly yielding to more local enforcement efforts, as state AGs, local agencies, and state courts have shown a renewed interest in the corporation’s internal enforcement apparatus.

The political lens helps us contextualize and assess compliance enforcement’s decentralization. If federal-level enforcement becomes so politicized that it fails to attract institutional and popular support, state and private enforcement mechanisms should be welcomed as potentially viable alternatives. Indeed, if the past two decades have reflected a strong national approach to compliance regulation, our current atmosphere seems poised to bring about a very different type of oversight framework featuring different institutions, norms, and actors.

With these thoughts in mind, Part IV concludes with some thoughts on how compliance scholars can incorporate and apply the polarization literature’s warnings and lessons, as well as the challenges corporate practitioners are likely to confront as they attempt to uphold compliance’s venerable mission of preventing and redressing corporate wrongdoing.

I. Sarbanes-Oxley and the Emergence of the Compliance Function

The story of corporate compliance neither begins nor ends with Sarbanes-Oxley. Efforts to stamp out corruption, fraud, and other corporate criminal behavior have long underpinned the federal government’s efforts to prompt corporations to investigate and monitor their employees and customers. Sarbanes-Oxley was just one of numerous tools the government deployed to reassure the nation’s stockholders that their investments would be uncorrupted by widespread fraud.

Many corporate crime-fighting statutes and policies pre-date Sarbanes-Oxley. The Foreign Corrupt Practices Act, which forbade corporations from bribing foreign officials, was enacted in the late 1970s and directed corporations to develop a system of internal controls that kept track of payments. During this post-Watergate time period, regulatory agencies such as the Department of Defense also developed compliance-type rules for contractors competing for lucrative defense contracts. The Bank Secrecy Act and federal anti-money laundering laws forced banks to “know” their customers and (more importantly) monitor and report their suspicious bank accounts to the Treasury Department.

More broadly, in 1991, the Organizational Sentencing Guidelines, the product of the Sentencing Commission’s multi-year effort to create guidelines for federal judges tasked with sentencing corporate offenders, created a multi-factor rubric that graded corporate offenders more gently if they had in place an “effective” compliance program. The Department of Justice, meanwhile, began experimenting in the early 1990s with so-called “deferred prosecution agreements,” extrajudicial agreements that relieved the corporation of a criminal conviction in exchange for a package of commitments, including the promise to implement or upgrade one’s compliance program. The DOJ eventually memorialized the broad factors that Main Justice expected its prosecutors to consider in deciding and implementing corporate charging decisions.

The 1999 Holder Memo, named for Eric Holder, the (Democratic) Deputy Attorney General at the time, eventually became the blueprint for the Department’s approach to corporate crime and its remediation. After several iterations, it would eventually be added to the department’s Justice Manual, and would also be supplemented by a compliance manual advising of the specific characteristics that prosecutors should consider when judging a compliance program’s soundness.

Taking note of these practical developments, the Delaware Chancery court advised in an opinion written by Chancellor Allen that the corporation’s board members harbored an oversight duty to ensure that the company’s internal monitoring systems were intact. The so-called Caremark duty was eventually construed as a component of the duty of loyalty, but it applied only to a “sustained and systemic failure of the board to exercise oversight.” It remained difficult to prove a violation of such duty until a few years ago, when the Delaware courts expanded (or clarified) the Caremark duty to include more than ensuring the corporate compliance program’s bare existence, particularly where “mission critical” safety or regulatory issues were afoot.

Within this long arc, Sarbanes-Oxley occupies an interesting place. Practically speaking, its compliance-related regulations imposed modest pressure on the large, highly regulated institutions whose officers had already created departments in response to regulatory requirements and federal enforcement initiatives.

More importantly, as a rhetorical device, Sarbanes-Oxley reinforced the notion that “compliance” was an essential tool in the nation’s anti-crime toolbox, a box that was almost exclusively maintained by federal authorities. On the heels of Enron’s dissolution and Worldcom’s bankruptcy filing, Sarbanes-Oxley, along with the highly reported federal prosecutions of Enron and Worldcom executives, focused the nation’s attention on federal law enforcement agencies, particularly the DOJ and its storied United States Attorneys’ Offices, as institutions that could be relied upon to rein in corporate misconduct. Accordingly, the lawyers who advised post-Enron companies on their internal controls did so with an eye toward quelling federal investigations and avoiding federal criminal charges.

None of this is surprising when one considers several of SOX’s key compliance-related and criminal law initiatives, which included:

Changes to the Federal Criminal Code

  • An increase in the maximum statutory sentences for federal prosecutions under the mail and wire fraud statutes, from five to twenty years’ imprisonment.
  • The enactment of a new securities fraud statute, 18 U.S.C. § 1848, whose statutory maximum sentence was also twenty years’ imprisonment.
  • The enactment of new and revised obstruction-of-justice provisions, which more broadly prohibited and punished the destruction of documents likely to be requested in investigations and judicial proceedings.

Instructions to the United States Sentencing Commission

  • An instruction to the Sentencing Commission to increase the (then mandatory) Sentencing Guidelines’ recommended sentencing ranges of imprisonment for crimes relating to fraud and theft.
  • An instruction to the Sentencing Commission to review its Organizational Guidelines to ensure they were sufficient “to deter and punish organizational criminal misconduct.” This language prompted the Commission to promulgate policy language defining an “effective” compliance program.

Whistleblowing Protection

  • Section 805 of the Act introduced anti-retaliation protections for corporate whistleblowers, including the ability to bring an administrative action through OSHA seeking back pay. Although these measures were ultimately eclipsed by stronger protections and eventually bounty programs, the Act was notable for these initial efforts at providing whistleblowing protection.

Statutory Changes Directed at Corporate Governance

  • Section 302, which demanded the truthful certification by the CEO and CFO as to the veracity and completeness of the publicly traded company’s annual and quarterly financial disclosures.
  • Section 404, which required that the company’s managers describe and attest to its “internal controls over financial reporting,” and secure an opinion from an independent auditor regarding those controls.

SOX featured many other provisions, but the foregoing are the components that heightened federal criminal law’s salience to corporate boards and to the compliance officers they would soon hire and promote.

SOX also facilitated the growth and maturation of the compliance industry and the development of compliance as an internal governance function. The purpose of developing a compliance program—an “effective” one as defined by the Sentencing Commission—was to discourage, detect, and promptly report to government enforcers internally detected instances of employee wrongdoing. Articles from this time period portray the corporate compliance department as a bridge between the company and the prosecutor’s office, the go-between that would benefit the company while also reducing the government’s enforcement load.

There were, of course, cracks in the foundation of this internal/external enforcement partnership. For one thing, the law itself never fully supported the concept. As I have argued elsewhere:

Lawyers owe fiduciary duties, duties of zealous representation, and duties of confidentiality to their clients—and certainly not to government prosecutors… . Prosecutors, in turn, owe duties to the general public—and not to corporate shareholders… . The DOJ’s Corporate Enforcement Policy may appear to have created a lay “partnership” between external enforcers and internal corporate investigators, but this model is inherently unstable.

Evidence of these conceptual weaknesses occasionally surfaced, such as when the government pressured the company to interfere in its employees’ attorney-client relationship (as with the government’s pursuit of KPMG for its tax shelter business), or when the government appeared to commandeer the company’s investigation, thereby triggering the Fifth Amendment’s privilege against self-incrimination (as in Deutsche Bank’s recent LIBOR debacle).

Notwithstanding these setbacks, the corporation’s internal policing apparatus has continued to serve as an essential crime-fighting tool. As one scholar recently observed, “[c]ompanies pour hundreds of billions of dollars into internal compliance programs meant to prevent and detect wrongdoing by their employees.” Sarbanes-Oxley did not create this apparatus from whole cloth, but it vastly reinforced it and promoted its salience. Legislation such as Sarbanes-Oxley made companies more likely to bulk up their compliance departments, and despite efforts to roll back some of Sarbanes-Oxley’s oversight, few practitioners or policymakers have argued with the idea that companies have a continuing obligation to monitor and police themselves.

II. Compliance as a Structural Puzzle

As compliance has evolved into a stable, essential function of corporate governance, scholars have approached it as a structural puzzle to be tweaked and updated as new information emerges. Fields such as behavioral psychology, systems design, and organizational theory have combined to inform this approach.

Most agree that the compliance function’s essential mission is to induce the organization to prevent, deter, investigate, and remediate wrongdoing. This multi-pronged goal promotes a series of debates of the “who,” “what,” and “how” varieties. The “who” questions ask who should implement and oversee the compliance department. Should the compliance officer be an attorney or an independent “professional”? Do we want her to report to the general counsel or directly to the board? Finally, who will we rely on to measure compliance’s activities and validate its successes or failures?

The “what” questions relate to compliance’s objectives. Does it exist solely to deter and remediate violations of law? If so, which violations of law? (Surely, no one wants a compliance function to focus on every ordinance or regulation ever written.) Does the compliance function play a role in flagging and remediating risk? What role should it play in inculcating prosocial norms and values, and should values and norms be its aim or risk and deterrence?

The “how” questions are the most concrete. How does the compliance function obtain information from the company’s employees, and how does it overcome trust issues in doing so? How does it bridge pernicious silo issues, in which the various components of the company are either unwilling or unable to effectively communicate with each other? And finally, how does the compliance function serve the firm’s interests, while also serving the interests of the government enforcement agencies, who have at times viewed the company’s compliance officers as junior enforcement officers?

Mirroring this inquiry, the legal academy’s description of corporate wrongdoing is also often described in curiously apolitical terms. Criminology’s venerated fraud triangle describes a trio of pressure, opportunity, and “neutralizations” that lead individuals to commit offenses such as fraud or bribery. A wide range of behavioral and organizational literature (much of it catalyzed by Donald Langevoort’s work) explains how tournaments, overoptimism, and herd behavior promote excessive risk-taking and goal-setting, often setting the corporation up for a big fall and revelations of wrongdoing. Business ethicists explain how blind spots and “fading” dynamics are strong enough to affect nearly everyone, depending on the situation. None of us is a monster, but all of us are vulnerable to pressures and opportunities that cause us to fall on the wrong side of legal and ethical lines.

There is something soothing to be found in these narratives, even as they illuminate compliance’s shortcomings in curbing greed and opportunism. Indeed, Sarbanes-Oxley itself betrays this optimism. Remove temptations (like corporate loans to executive officers), induce internal monitoring (by forcing corporate officers to report on and certify internal controls), ramp up whistleblowing and attorney gatekeeping (through anti-retaliation protections and up-the-ladder reporting rules), and finally claw back executive compensation (for executives whose companies issue eventual restatements), and somehow the enforcement pieces will all fall into place. Or, in more technical terms: If a corporation implements these structural innovations, its “policing agency costs” will decrease, at least just enough to make an enforcement agency’s job marginally more manageable.

Roberta Romano famously derided many of Sarbanes-Oxley’s underlying assumptions as “quack corporate governance.” A bevy of scholars responded just as lustily that she was wrong. Where compliance is concerned, one need not resolve this debate. The atmosphere that created Sarbanes-Oxley no longer exists. Two decades after a bipartisan Congress rushed legislation into existence, our national electorate is far more fractured, and their elected representatives are far less able to reach agreement on anything. Further, the corporate workplace that Sarbanes’ defenders and critics visualized is also an anachronism, as it envisioned a workplace and boardroom where individuals met and interacted in person. Accordingly, regardless of how one views the laws and regulatory provisions that enabled the compliance function to solidify in 2002, one would be hard pressed to imagine them playing out the same way 2022, in Congress much less in any virtual boardroom or hybrid workplace.

III. The Politicized View of Compliance

The remainder of this article asks what compliance looks like once we focus our attention on the political dynamics of any given company. I do not mean this approach to be a shorthand for debates over public policy. Corporations have influenced public debates for centuries. The question of how deeply corporations are or should be enmeshed in local or national political processes, or in social issues of concern, is hardly a new one. Corporate political advocacy is an important development, but not the singular focus of this Part.

Nor do I mean to invoke questions concerning the corporation’s direct influence over elections. This, too, is nothing new, even if the Supreme Court’s Citizens United case remains controversial. Finally, at least at this juncture, I do not intend to address recent efforts by numerous corporations to openly embrace diversity, equity, and inclusion (DEI) or corporate social responsibility (CSR), to diversify their boardrooms, or to consciously adopt an environmental, social, and governance (ESG) framework. These developments are unquestionably important, but they ultimately are byproducts of the degree to which our political atmosphere has changed within the past two decades.

To contextualize and understand this change, this Part begins by surfacing the phenomenon known as affective polarization, a psychological outgrowth of political partisanship. Section A introduces this concept and queries how polarization subconsciously influences compliance. Section B turns attention to the rising politicization—perceived or actual—of enforcement institutions such as the Department of Justice. Sections C and D theorize how politicization impacts life abstractly and concretely within corporate settings.

A. Polarization

According to the latest surveys and reports, our society is more politically and socially fractured than it was even two decades ago. Citizens are polarized along multiple dimensions, including age, gender, ethnicity, class, and educational attainment. Ideological polarization, which has itself increased over the past half-century, has given way to what political scientists call “affective polarization,” the phenomenon by which partisans move beyond disagreement on specific policies and instead associate political affiliation with social identity. Affective polarization predicts that members of a particular political party will view “in group” members highly favorably and “out group” members with hostility, even when objective evidence suggests one should do otherwise. Researchers in this area disagree on the causes of affective polarization, but they agree strongly that it exists and has transformed “mild dislike” of one’s political opponents into hostility and animus. There is broad agreement as well that affective polarization has surged in the past two decades, that it extends beyond political campaigns or specific issues, and that it has the power to transform social and casual encounters.

Thus, we live in a world in which Democrats and Republicans intensely dislike each other. They increasingly choose not to live amongst or marry each other. They do not buy the same things, belong to the same civic institutions, or attend the same houses of worship. Most importantly for compliance purposes, they also prefer not to do business with or work with each other.

This preference permeates the highest echelons of corporate management. Recent scholarship by Fos, Kempf, and Toutsoura demonstrates that corporate executive teams have become “increasingly partisan” even as they have added more women to their ranks. Corporate team members are more inclined to lean toward the Republican party. Regardless of their political affiliation, they have become more partisan, and their partisanship produces “assertive matching,” whereby leaders and teams instinctively attempt to match with like-minded colleagues. As a corporate team grows more polarized, misaligned executives become more likely to depart their firms. Their departures, in turn, are followed by subsequent reductions in shareholder wealth, a phenomenon the authors themselves are unable to explain. Such partisanship is not limited to publicly held corporations. Numerous researchers have cited political partisanship in start-up firms, national law firms, across boards, and among rank-and-file employees.

Why might this be a problem for corporate compliance? Compliance has always depended on healthy degrees of interpersonal trust, deliberation, and analysis. The corporation motivates its employees to abide by the law and then takes steps to monitor wrongdoing and redress situations that encourage or permit lawbreaking. Compliance’s success relies on the willingness of mid- and low-level employees to voice their concerns and communicate their knowledge to internal compliance officers and other high-level officials within the firm. For firms to detect and report wrongdoing, as well as to detect and redress vulnerabilities to wrongdoing, employees and supervisors must respect and trust each other and their organization’s processes.

Extreme polarization reduces trust and quashes group deliberation. When groups are polarized, “outsider” opinions are at risk of being disregarded, suppressed, or self-censored. Even worse, when a polarized group obtains new information, its members fail to rationally update their assumptions and shift policies. Instead, they are likely to engage in biased assimilation. That is, they may cherry pick and distort the information they have received so that they may affirm their prior beliefs. Instead of moving away from objectively incorrect assumptions, they will double down on those beliefs, making decisions that either cause or threaten societal harm.

These developments should concern any scholar invested in compliance’s success. The issue isn’t simply one of structure, of making sure information moves efficiently from point a to point b. Nor is it one of ensuring that a firm measures and validates its rosy assertions of good citizenship and adherence to law. The problem goes deeper than that. Consider the extent to how more politically fractured our society is today than it was two decades ago. Sarbanes-Oxley was itself a piece of bipartisan legislation, enacted in the wake of Enron’s fall, concurrent with a series of criminal prosecutions and a well-regarded task force. It is more than a thought experiment to ask whether so sweeping a bill would receive the level of initial support it received back then.

When corporate teams and rank-and-file employees are politically polarized, policies and facts that raise compliance concerns are apt to be distorted and misunderstood. Polarization becomes the ultimate information silo, keeping one person from trusting—and therefore openly talking—to another. Compared to poorly designed systems, affective polarization’s psychological silo creates a far more daunting challenge for reformers. It’s difficult enough to ensure that one department shares information freely with another. It is far more difficult to scale the psychological supports an employee erects to protect herself, particularly when political partisanship causes her to invest in the belief that “out” groups are invested in undermining her well-being.

Now, one might argue that political partisanship has always been a challenge for compliance officers. But social science indicates that polarization and partisanship are weightier issues today than they were two decades ago. Moreover, our political fights are indelibly intertwined with disputes over corporate power and governance. Corporate social responsibility (CSR) and environmental, social, and governance (ESG) concerns have surged to the forefront of debates about corporate governance and securities disclosures. For an employee, her employer’s political advocacy and social governance efforts (sometimes referred to as “brand activism”) makes those political cleavages feel more salient and more fraught, up and down the corporate ladder. Whether these political activities are benign, positive contributions to social welfare, or in fact cynical exercises in performative posturing, they all cue identarian impulses by reminding corporate employees where each political party stands on a given issue. Heated political elections and social media further ensure that political disputes impact the workplace, even if subconsciously. For a society whose members frequently equate “work” with personal identity, workplace polarization is therefore far less of an “if ” than a “when.”

Notwithstanding the foregoing, we should consider the following caveat. Polarization may indeed be a weightier issue than it was two decades ago, but how and where it manifests itself is far from settled. It might affect some industries more than others. It might impact certain types of questions to a greater degree than others. And it may become more salient following a particular regime change, a hard fought election, or a highly disruptive court case. Thus, for the compliance officer, polarization is a chronic background problem that exists but is still difficult to pinpoint or measure with any degree of precision. It is a variable that could easily skew and undermine compliance, but it is just amorphous enough to elude effective redress and neutralization.

B. Politicization

For years, the DOJ, a de facto regulator of corporate compliance, has been able to successfully avoid claims of partisanship and politicization. Particularly where corporate crime and compliance are concerned, most of the DOJ’s harshest detractors have shied away from openly partisan attacks. Critics might complain that the Department is too sluggish in pursuing corporate officers, or that it has overreached in its treatment of a given corporate defendant, but for the most part, the Department’s failures have been attributed to faulty prosecutorial assumptions or weak structures, and not pure partisan alignment. If affective polarization continues to grow, this universalist perspective on federal enforcement may well be overtaken by a more polarized view of DOJ successes and failures.

Those familiar with the Department of Justice’s contemporary treatment of corporate wrongdoing often trace the DOJ’s corporate crime policies back to Eric Holder’s 1999 memo advising of the standard factors prosecutors should weigh. Holder was the Deputy Attorney General during the Clinton Administration’s waning years. When George Bush was elected president, Larry Thompson became the Deputy Attorney General, and the Holder Memo was superseded by the Thompson Memo.

There were, of course, differences between the Holder and Thompson memos, but there was far more that united them than divided them. Both memos began from the premise that corporations were subject to respondeat superior’s sweeping theory of vicarious criminal liability. Both used the same general framework to weigh criminal charges versus a deferred or non-prosecution agreement. And both emphasized the value in inducing corporations to self-police and voluntarily cooperate with federal prosecutors in bringing individual officers and employees to account. They might have utilized different tools or language, but these were the kinds of differences that made for good debates among academics and practitioners. Thus, corporate crime policy was more or less apolitical, or at least nonpartisan.

Jennifer Nou observes that the term “politicized” is usually an epithet accusing an agency’s “political appointees [of acting] in a nontechnical manner to achieve some partisan outcome.” An agency becomes overly “politicized” when its enforcement decisions lack objective explanation or appear designed to reward a leader’s friends and punish his enemies.

Not every controversial policy decision is the product or evidence of politicization. For example, the Department of Justice might decide to shift more of its resources toward the investigation and prosecution of white-collar crime and away from immigration and drug enforcement (or vice versa). These are of course important policy decisions, but they resonate differently from a decision to punish Company A because its board is too “liberal” or reward Company B because its owners are “conservative.”

To repel claims of politicization and partisanship, the Department of Justice’s leaders and supporters have insisted on maintaining a strong independence norm, putting in place formal and informal constraints to limit the extent to which a President can deploy the government’s punitive might or pull punches when the circumstances might warrant. In their historical account of the DOJ, Bruce Green and Rebecca Roiphe elaborate:

Just as expertise formed the cornerstone of the administrative state, so too professional independence became the defining characteristic of the DOJ… . It grew to denote a distance from both the changing tide of popular opinion and the ambitions of partisan politics. In the wake of the Watergate scandal, the debate over how to foster and ensure independence culminated in the explicit articulation of the separation of the DOJ from presidential control.

Thus, independence and professionalism are two strong values that not only define the DOJ and its enforcement personnel, but which have also served as important elements in providing the Department requisite distance from partisan political disputes. A “distanced” DOJ is one that is more likely to enjoy public support and respect and to avoid the animus associated with affective polarization.

Here too, the story takes a turn. Over the past two decades, the DOJ’s studious independence, intended to protect it from claims of political partisanship, has faded. Early signs occurred during the Bush administration, when congressional hearings revealed efforts to dismiss United States Attorneys who were thought to be insufficiently loyal to the Bush administration’s political agenda. In later years, the DOJ was excoriated for its failure to successfully prosecute corporate executives responsible for the 2008 Financial Crisis. But these ills—distracting as they may be from the DOJ’s core mission—are conceptually distinct from the issues that arose during and toward the end of the Trump administration’s tenure. During and after the Trump presidency, the DOJ became “politicized,” both in reality and perception. Numerous accounts indicate that the Trump administration’s law enforcement decisions were made with an eye toward pleasing the former president, punishing his enemies, or somehow evening the “score” between Democrats and Republicans.

Post-Trump, the DOJ has continued to attract politicization complaints—merited or not. Despite the current Attorney General’s sterling reputation, numerous news organizations question whether his decisions are or could be viewed as “partisan.” The Department’s decisions to investigate efforts to overturn the 2020 election; to pursue individuals who participated in the January 6, 2020, insurrection; and to investigate and pursue the former president’s failure to return materials to the National Archives have all been castigated at one point or another as politically motivated.

How does the evolving perception of federal enforcement affect internal corporate compliance? Recall, compliance regulation has become nationalized and entwined in federal criminal law. The accounting fraud prosecutions that followed Enron and Worldcom’s implosions focused the nation’s attention on federal criminal law and its enforcement. The DOJ has long taken advantage of this focus by publicly advising of the corporate behaviors that would draw criticism and praise from federal prosecutors, and by fashioning non-binding policies that provide further guidance on when corporations can expect to receive leniency in exchange for information. Now, however, if federal prosecutors become more politicized, corporate compliance officers will rightfully interpret prosecutorial decision-making through a more partisan and polarized lens. Notice, then, the double whammy: polarization and partisanship threaten the compliance function’s ability to collect information from managers and employees, and at the same time, they also dampen the firm’s willingness to voluntarily disclose information to regulators and prosecutors. Information thus encounters two difficult-to-remove bottlenecks.

In sum, given the centrality of the corporate compliance function’s relationship with government enforcers, it is difficult to overstate politicization’s negative impact on corporate compliance. In the next two sections, I flesh out what that impact might look like in both abstract and concrete terms.

C. Silos and Distrust

Much of compliance’s challenge boils down to three issues: First, because corporate life is highly specialized, information is necessarily compartmentalized. A similar degree of compartmentalization exists throughout the enforcement ecosystem, as vertical and horizontal specializations in enforcement create barriers to the flow of information. As Veronica Root-Martinez has deftly explained, compliance-related information inside and outside the firm eventually becomes siloed. Second, because corporate officers, rank-and-file employees, and government agents all have different agendas and interests, a pervasive trust vacuum further prevents information from making its way through the corporation (up to and including the board) and out to the stakeholders and enforcement agencies who could best use that information. Finally, in addition to silos and trust vacuums, compliance is further hampered by self-interest. When managers and mid-level supervisors can benefit from turning a blind eye and remaining silent (or simply convincing themselves that nothing untoward has happened), that is how they are likely to behave.

One can argue that much of what we call “compliance regulation” is aimed at overcoming the triad of silos, trust issues, and opportunistic self-interest. That’s all well and good if all one cares about is structure and the gaps that form when systems are neglected or poorly designed. Once we acknowledge polarization and politicization, however, the challenge of redressing this triad becomes more difficult. An information silo caused by poor system-design functions quite differently from the psychological silo erected out of deep-seated animus—and fear—of one’s political adversaries. To be clear, this fear is not necessarily misplaced. Researchers have found that political “[p]artisanship motivates intergroup discrimination.” The worker fearful that a comment or challenge to authority will be viewed in a particularly negative way may well be right.

Trust issues within the company, as well as between the company and government enforcers, pose difficult hurdles. They are not insuperable, however, if one creates a credible architecture of incentives and behavioral supports. That is indeed the compliance function’s promise—that it will coordinate the relationship between employees and managers, and between managers and outside enforcers. It is also the primary reason structural innovations are assumed to be a “net good” even if they are initially costly. Notice, however, how easily compliance’s architecture loses its effectiveness if the corporation’s employees or officers become convinced that “politics” will supersede objective analysis and wipe out written policy. “Structure” cannot do too much if a company’s employees see themselves as living in a world of hostile enemies.

My point here is not to predict some sort of Armageddon or total breakdown of the firm. Rather, it is to say that as our society becomes more polarized, and our enforcement institutions more politicized, the information bottlenecks of two decades ago will become stickier and more difficult to unclog. Information will continue to be suppressed and eventually lost, thereby causing the compliance function to suffer. Corporate teams will be less adept in identifying risks and less likely to pivot when those risks become more noticeable. In sum, compliance departments that continue to rely on the same techniques and methods that were once heralded as effective should eventually produce worse outcomes. Firms will, yet again, spend lots of money, only to ask why the compliance department failed to prevent tomorrow’s scandal.

In the wake of scandals that result in large losses of money and systemic shocks, the compliance officer will find herself in a far more precarious position than she might have once expected. Compliance will, despite its many bells and whistles, find itself fighting for its future survival. To the architects and proponents of sweeping legislative reforms such as Sarbanes-Oxley, that may be cause for disappointment, if not outright surprise.

D. Practical Implications for Compliance and the Workplace

The preceding prediction—that polarization will continue and indelibly impact the corporate workplace and its broader enforcement network—is reflected in several workplace and enforcement-related trends, three of which I discuss here.

The first pertains to artificial intelligence (AI). AI is and has become a major feature of the private sector. Scholars such as Mihailis Diamantis have already written of the ways in which artificial intelligence impacts the incidence of corporate wrongdoing and compliance. To a compliance officer, machines are both a boon and a burden. On the one hand, machines cannot fall prey to momentary impulses or moral failings; nor might they trigger liability under federal law’s respondeat superior doctrine. But machines can of course do quite a bit of harm depending on how they are programmed or how they ultimately “teach” themselves. Moreover, because compliance has always depended on and included in its mission the inculcation of pro-social norms and values, the compliance function itself can never be fully automated. Compliance can use machines, but it should never be replaced by machines.

Notice how polarization and politicization alter this equation. In the abstract, there is some optimal mix of persons and machines that operate and govern the firm, hopefully all in compliance with the law. In a real world characterized by increasing levels of polarization and politicization, however, mechanization appears more desirable, at least initially. Machines do not belong to political parties. They don’t fight over political issues or see their colleagues through a partisan prism. Nor do they create the political and social misalignment problems that underpin polarization and indirectly undermine corporate efficiency. Machines, moreover, offer companies the ability to disclaim bias or polarized thinking when someone questions a company’s decision. Thus, we may end up with more AI and a greater reliance on machine-thinking than many would find optimal.

This is a problem on two levels. First, one can imagine multiple sectors and fields where an excessive reliance on AI produces worse outcomes. The field of compliance, for instance, relies on trust-building, information flows, and iterative relationships. To that end, one would expect interpersonal contact to be superior to machines in developing the kinds of norms and deep personal ties that compliance officers rely on to detect and prevent wrongdoing.

Moreover, an overreliance on machines may ironically strengthen affective polarization, advancing a pernicious feedback loop. Political psychologists posit that the best way to reduce affective polarization is to maintain structured settings in which different people can civilly interact with each other and decrease their hostility toward out-groups. The workplace that replaces its employees with machines reduces opportunities for these healthy interpersonal contact opportunities To put it another way, affective polarization skews our preferences in the direction of machines and an overreliance on machines reinforces affective polarization.

A similar dynamic is embedded in the debate over remote work. As Covid-19 recedes, supervisors are debating how much to lean into this trend, and the debate is itself polarized along different socioeconomic lines. Some workers never left the workplace, others have yet to return, and many others have constructed a hybrid work week.

How remote work impacts the incidence of corporate wrongdoing is difficult to predict and calculate. The vaunted “fraud triangle” tells us that deceptive crimes such as fraud are contingent on a triad of factors, namely opportunity, pressure, and self-rationalizations. From a pressure standpoint, the fact that employees can work remotely can either empower employees (since they can apply for and accept jobs in locations far from home), or strengthen the hands of employers, who are no longer restrained to hiring from a specific location. As for opportunity, for certain misconduct (including fraud and bribery), remote work could theoretically narrow pathways to violating the law, as employees can no longer easily speak to each other in person. (Savvy fraudsters should shy away from conspiring over email or recorded tele-meetings.) At the same time, remote work can weaken the very norms and social ties that restrain employees from violating rules. Like AI, remote work reduces interpersonal, face-to-face contact among employees, suppliers, customers, and regulators. Less contact, in turn, may set us up for more affective polarization. And finally, for certain industries, remote work could affirmatively increase the incidence of wrongdoing by causing a notable decrease in the likelihood of its prompt detection, as compliance officers and would-be whistleblowers lack the ability to witness and promptly act upon suspicions of wrongdoing.

Sung Hui Kim highlights this point in her discussion of in-house attorneys as valuable gatekeepers. Information makes its way to gatekeepers through “formal” channels (e.g., reporting and disclosure requirements) and through “informal” channels, including “accidental, everyday social interactions among employees of the company who share the same physical space.” Notice the assumption upon which Kim’s observation is built: that employees and inside attorneys (who could just as easily be replaced by compliance personnel) share physical space. If informal “information channels” benefit from fortuitous encounters, compliance personnel ought to resist work-from-home’s expansion, all else being equal. After all, if it is water-cooler gossip that enables the compliance department to glean important information, work-from-home eliminates that information channel, leaving the firm worse off.

Here again, the reminder that we are undergoing a major shift in how we feel about “out-groups” provides a potent explanation for remote work’s popularity. Even if remote work increases the risk of undetected wrongdoing—and inadvertently creates certain information silos —it may promote psychological benefits that make a polarized workplace more palatable. People who work remotely may be less likely to strike up conversations about politics. (They certainly are less likely to strike up any unplanned conversation, so political ones ought not to be any different.) Indeed, remote work may be the mechanism that enables an officer or employee to remain on the job, even when their politics are out of alignment with the larger group. This, perhaps, is one of the undiscussed silver linings of working from somewhere other than an office: it reduces the interpersonal costs that arise out of being a member of a misaligned team. Accordingly, we might hope that insofar as it paves the way for more heterogenous working groups, remote work might also facilitate a workplace with less herdlike behavior, less political self-sorting, and more deliberative and valuable decision-making.

Notice, then, the dilemma: the very mechanism that deflates polarization’s costs may also increase the risk of noncompliance. Without a supervisor or colleague nearby, it may be easier for an employee to commit fraud, bribery, or regulatory violations. But it may also be easier for that employee to make peace with people who adhere to different beliefs and ideologies.

Polarization and politicization shed additional light on a third trend, which pertains to compliance’s enforcement Although it is difficult to say this with certainty, it certainly feels as if we are witnessing a defederalization of corporate compliance enforcement.

Sarbanes-Oxley may one day be viewed as a high-water mark in the federal system’s regulation of corporate compliance. If we look back on this time period, we might conclude that the typical corporate compliance officer within a large or mid-size company was well versed in federal criminal and regulatory law. She hired attorneys at the top law firms to advise her on how best to deal with federal prosecutors and regulators, from the DOJ, to the SEC, to the local United States Attorneys’ Offices. She faithfully reviewed updates to the DOJ’s charging memos and Organizational Sentencing Guidelines; and she was careful to follow the internal governance obligations set forth in legislation such as Sarbanes-Oxley and regulations set forth by the SEC. No wonder, then, that the companies who could afford to do so hired former prosecutors and regulators to staff their compliance departments and represent the company in corporate criminal inquiries.

Today, our compliance officer would be well advised to look beyond federal law. Corporate wrongdoing can be pursued globally, locally, and by civil complaint. As a result, compliance is no longer solely the federal government’s domain. Indeed, from this perspective, it may be highly fortuitous that the Delaware court’s invigorated Caremark approach surfaced when it did, in 2019. When the federal government’s enforcement agencies lose political support and endure an erosion of legitimacy, we welcome other sources of enforcement to fill the gap.

To that end, Delaware’s re-emergence as a key regulator of corporate compliance is no accident. Indeed, it arguably represents a reversal of the “symbiotic federalism” concept that Marcel Kahan and Edward Rock heralded in 2005. Speaking of the relationship between federal and state corporate regulators, the professors wrote:

If Delaware is not able to regulate certain conduct effectively, it is probably in its interest to have this conduct regulated on the federal level (or by other states) to fill the lacunae in its own law. Without such federal regulation, continued and unsanctioned wrongdoing could result in a populist backlash against Delaware as the provider of an ineffective regulatory regime … . [B]y making the system as a whole less scandal-prone, federal regulation reduces the likelihood of a populist attack.

The authors, writing in 2005, were eerily prescient about how populist anger might engulf government institutions. The only point the authors failed to predict is that the federal government itself eventually became the target of such attacks.

There is nothing per se problematic about shifting from a federal approach to a more decentralized framework that emphasizes state and local enforcement personnel. If society finds state and institutions more democratically responsive to public demands, that shift may in fact be welcome. But here again, our experience with corporate debacles of the type that birthed Sarbanes-Oxley might give us pause. The very scope and complexity of corporate wrongdoing has long served as our reason for relying on a strong, federally coordinated enforcement response. If the federal government’s enforcement apparatus does in fact become so “politicized” that it loses its legitimacy and ability to influence corporate behavior, it is far from clear that either state or local institutions will develop the necessary bandwidth to pick up the federal government’s slack.

IV. Conclusion

It is beyond debate that compliance has solidified into a standardized, well-regarded governance function within large and publicly held corporations. Nevertheless, for reasons outside the compliance industry’s control, corporate compliance remains fragile. If our society becomes more polarized and our enforcement institutions become more politicized and partisan, these developments inevitably will undermine the firm’s internal compliance apparatus and the broader web in which corporations and enforcement agencies operate. Compliance is, after all, a story of relationships as much as it is a story of architecture, systems, and metrics. We know from the burgeoning literature on political psychology that our political views clearly impact how we receive information and how we see the world and each other.

For all those reasons, those of us invested in compliance’s endurance should pay more attention to politics and its interaction with workplace psychology. For academics, this prescription arises at a fortuitous moment. Scholars have already begun to track the relationship between political partisanship and workplace behavior, and between political affiliation and corporate teams. Compliance scholars would do well to mine these literatures for their implications. Two decades ago, a legal academy that had just commenced its extended study of behavioral economics and social norms fruitfully exploited the behavioral and organizational psychology fields to better understand the dynamics of corporate wrongdoing. Today, the academy should turn its attention to a different set of dynamics. To do otherwise is to set ourselves up for another round of corporate wrongdoing and failures.

This article was prepared for the UCLA Symposium, Sarbanes-Oxley at 20. I am grateful to Professor James Park for organizing and inviting me to join in this symposium, and for his comments on this piece. I also thank the other participants in this conference for their helpful feedback. Many thanks are due as well to the colleagues who carefully read and offered thoughtful comments on this article, including Mihailis Diamantis, James Fanto, Andrew Jennings, and Karen Woody.